REST API - Improved HTTP Authentication

Suggestion Description

Jira Server REST API is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes.

Turns out that there are several ways to make the API more secure, like for instance, interacting with SAML/OKTA or even using a Token Based authentication in-app. The intent of this suggestion is to enable the use of resources like SAML/OKTA for the REST API or to enable a Token Based authentication to provide secure communication in between client and application.

Feature Requests for different applications

The same request already exists for Confluence (CONFSERVER-54412), will be released for BitBucket (BSERV-2722) and has been requested to Bamboo (BAM-12095) as well.

Sample Payload

Currently, if we want to create an issue, we would need to execute below call:

curl -D- -u "adminuser:adminpassword" -X POST --data {see below} -H "Content-Type: application/json" http://localhost:8080/rest/api/2/issue/

{
    "fields": {
       "project":
       { 
          "key": "TEST"
       },
       "summary": "REST ye merry gentlemen.",
       "description": "Creating of an issue using project keys and issue type names using the REST API",
       "issuetype": {
          "name": "Bug"
       }
   }
}

As can be seen above, we do need to send an username and password at the header of the request to have it working properly, which is considered insecure. This is what we would like to avoid.